SDTech Mobile Application Inc.

← Back to Home

Privacy Policy

Effective Date: November 3, 2025

Last Updated: April 19, 2026

TL;DR - Your Privacy Matters: DVR Time Traveler is a privacy-first calculator app. All your case data stays on YOUR device. We don't collect, transmit, or store any personal information. No accounts, no tracking, no behavioral analytics. The only outbound traffic is anonymous network time attestation (HTTPS Date headers from major web providers), optional crash reports (Sentry), MDM-pushed organization logos (managed devices only), and license validation — none of which contain case data. License validation transmits device identifiers (not case data) to the SDTech license server, and server-side IP addresses are logged temporarily for security purposes.

1. Introduction

Welcome to DVR Time Traveler ("we," "our," or "the App"). This Privacy Policy explains how we handle your information when you use our mobile application.

DVR Time Traveler is a specialized calculator designed for law enforcement professionals to calculate DVR (Digital Video Recorder) DATE/TIME difference, event location and retention dates and generate reports for legal investigations.

2. Information We Collect

2.1 Personal Information

We do not collect case data or investigative content on any server.

DVR Time Traveler does NOT collect, transmit, or store:

  • Names, email addresses, or contact information
  • Location data or GPS coordinates
  • Contacts or calendar data
  • Usage analytics or behavioral data

However, during license validation and activation, the following technical identifiers are transmitted to the SDTech license server over HTTPS:

  • Device UUID (randomly generated at first launch)
  • Device name (as set by the user in their device settings, e.g. "John's iPhone")
  • Device model, OS version, and app version
  • Android hardware ID (Android devices only)
  • License key

The server also logs the connecting IP address for security and abuse prevention. Validation logs (including IP addresses) are automatically purged after 30 days. Device names may contain personal information if set by the user — see §2.3.

For a comprehensive assessment of how this data is handled, including risk analysis and mitigation measures, see our Privacy Impact Assessment (Loi 25).

2.2 Case Data (Local Only)

When you use the app to calculate DVR DATE/TIME difference, event location, retention dates, generate reports, the following information is stored exclusively on your device using encrypted local storage:

  • Case numbers (if entered)
  • Date/time calculations (surveillance dates, event dates, retention periods)
  • Police information (officer name, badge number, department - if entered)
  • Location addresses (if entered for reports)
  • DVR IDs (if entered)
  • Notes (if entered)
  • Case Photos (if captured)
  • Generated report history
  • Notes backup files (if created for export/import)
Important: This data NEVER leaves your device. It is encrypted using AES-256 encryption and stored locally using React Native's Expo SecureStore.

2.3 Device Information

The app generates a unique device UUID stored locally to manage app settings and preferences. This UUID:

  • Is randomly generated on first app launch
  • Is stored locally for app data organization
  • Is transmitted to the SDTech license server during license activation and periodic validation (see §2.1 and §5.1)

Additionally, the device name (as configured in your device settings) is transmitted during license activation. Because users sometimes include their real name in their device name (e.g. "Sylvain's iPhone"), this field may constitute personal information under privacy regulations such as Quebec's Loi 25, GDPR, and CCPA.

2.4 App Permissions

The app may request access to certain device features to provide specific functionality. These permissions are optional and used only for their intended purpose:

  • Camera: Used only to capture photos for case evidence or to add an agency logo to reports. Photos are stored locally on your device.
  • Storage / Files: Used to save generated PDF reports and case photos to your device's storage, and to import/export notes backups.

3. How We Use Your Information

Since all data remains on your device, "we" don't use your information. YOU use the app to:

  • Calculate DATE/TIME difference, event location, retention dates, generate reports for legal investigations
  • Generate PDF reports for court proceedings
  • Store report history locally for your reference
  • Email reports directly from your device (using your device's email client)
  • Export and import notes as backup files (.txt format) for data portability and device transfers

4. Data Storage and Security

4.1 Encryption

All sensitive case data is encrypted using:

  • AES-256 encryption - Military-grade security standard
  • Device keychain protection (iOS Keychain / Android Keystore)
  • Secure delete - Data is securely wiped when deleted

4.2 Local Storage Only

Your data is stored using:

  • Expo SecureStore - For sensitive case information (encrypted)
  • AsyncStorage - For non-sensitive app preferences (not encrypted)
  • Device file system - For generated PDF reports (stored in app sandbox)

4.3 No Cloud Storage

We do NOT use:

  • Cloud databases (Firebase, AWS, Google Cloud, etc.)
  • Remote servers for data storage
  • Third-party analytics services (no Google Analytics, Mixpanel, etc.)
  • Advertising networks
  • Social media integrations

4.4 Crash Reporting (Sentry)

To ensure app stability and fix bugs quickly, we use Sentry for crash reporting. When the app crashes or encounters an error:

  • What is sent: Error details, device type, OS version, app version, and anonymized device ID
  • What is NOT sent: Case numbers, addresses, police information, DVR IDs, notes, or any case-sensitive data
  • Why we do this: To identify and fix bugs before they affect more users
  • Privacy protection: All text and images are masked in crash reports. Only technical error information is collected.
  • Third-party: Sentry.io (ISO 27001 certified, GDPR compliant)
  • Data retention: Crash reports are automatically deleted after 90 days

Note: Crash reporting is disabled during development and only active in production builds.

4.5 Pattern and Credential Storage Feature

The App includes an optional feature to store third-party DVR access credentials (patterns, usernames, passwords). This feature requires explicit consent due to privacy regulations:

  • Consent Required: You must provide explicit consent before enabling this feature, including providing your badge/ID number for audit purposes
  • Legal Compliance: Subject to Quebec Law 25 (Canada), GDPR (Europe), CCPA/CDPA (United States), and other privacy regulations
  • Storage: Credentials are encrypted with AES-256 and stored locally on your device only
  • Audit Trail: All consent actions (granted, reconfirmed, revoked) are permanently logged with timestamps and badge numbers
  • Reconfirmation: Consent must be reconfirmed every 12 months to ensure ongoing compliance
  • Administrator Access: Authorized administrators can view consent history through the Device Info section for compliance verification
  • Your Responsibility: You must verify compliance with your jurisdiction's laws and your agency's policies before enabling this feature

4.6 Agency Logo Feature

The App allows users to import and display their agency's logo on generated PDF reports:

  • Local Storage Only: Logos are stored locally on your device and embedded in PDF reports you generate
  • No Transmission: Logos are never uploaded to servers or shared with third parties
  • Legal Warning: Users are legally prohibited from using logos from agencies they are not employed by. Unauthorized logo use may constitute impersonation or fraud
  • User Responsibility: You are solely responsible for ensuring you have authorization to use any logo you import
  • Gallery Storage: The app can store up to 10 logos locally for quick switching between authorized logos

4.7 Enterprise and MDM Management

The App supports Mobile Device Management (MDM) for enterprise deployments:

  • MDM Configuration: IT administrators can remotely configure app settings through Android Enterprise or iOS Managed App Configuration
  • Feature Restrictions: Administrators can disable notes or patterns features for specific users or groups
  • Organization Information: MDM-managed devices may display organization name and custom support contact information
  • Audit Logging: All administrative actions are logged locally with timestamps, action details, and administrator badge numbers
  • Local Storage Only: All audit logs remain on the device and are never transmitted to servers
  • Admin Password Protection: Local administrator controls can be password-protected with secure recovery options
  • No Additional Data Collection: MDM features do not change our zero-collection policy - all case data remains local
  • Enterprise License Keys: Organizations may deploy centralized license keys through MDM for simplified activation

4.8 Network Time Attestation

To assure the integrity of time-based calculations and report timestamps, the App performs anonymous network time attestation:

  • How it works: The App issues HTTPS HEAD requests to a small set of major web service providers (e.g., Google, Cloudflare, Microsoft, Apple) and reads only the standard Date response header to estimate trusted network time using a multi-source consensus (Cristian's algorithm with median selection).
  • What is sent: A standard HTTPS HEAD request. No request body, no case data, no badge number, no device identifier, no app-specific headers beyond what the platform's HTTP stack normally emits.
  • What is received: Only the HTTP response headers (notably Date). Response bodies are not downloaded.
  • When it runs: At app launch and when generating a report. If all probes fail, the App falls back to the device clock and clearly marks the resulting report as offline calculation on the report verso.
  • Third-party providers: The targeted providers operate global CDN endpoints reachable by any browser. Their server logs may record the connecting IP address per their own privacy policies. The App does not authenticate to or transmit any user data to these endpoints.
  • Why it matters: This attestation is what allows the report to claim a verified, defensible time anchor for forensic and court purposes.

4.9 MDM Push Logo Provisioning

For MDM-managed devices, organization administrators may provision an official agency logo to be deployed automatically to all enrolled devices via the SDTech license server:

  • Who is affected: Only devices enrolled with an MDM-managed enterprise license. Standalone (consumer) installations never receive pushed logos.
  • What is downloaded: Only the logo image binary the administrator uploaded to their organization profile, plus a content hash for integrity verification. No personal data, no other organization's logos.
  • Where it is stored: Locally in the device's secure logo gallery, marked as MDM-mandatory and protected from local deletion.
  • Transport: HTTPS to the SDTech license server. Requests carry only the enterprise license identifier needed to determine which organization's logos apply.
  • No image content sent from the device: The App downloads pushed logos; it never uploads device-side logo galleries to any server.

5. Data Sharing and Disclosure

We share ZERO case data because we have ZERO access to your case data.

The only data that leaves your device:

  • Network time attestation (automatic) - Anonymous HTTPS HEAD requests to major web providers to read the Date header (no case data, no identifier; see §4.8)
  • License validation (automatic) - HTTPS calls to the SDTech license server carrying the license key, device UUID, device name, device model, OS version, app version, and Android ID (no case data; see §2.1)
  • MDM pushed logos (managed devices only) - Download of organization-approved logo images from the SDTech license server (see §4.9)
  • Crash reports (technical only) - Sent to Sentry when app crashes (no case data)
  • Email reports (by your choice) - Uses your device's native email client (Mail, Gmail, Outlook, etc.)
  • Export PDF (by your choice) - Saves to your device's file system for manual sharing
  • Notes backup files (by your choice) - Export notes as .txt files for backup/transfer, or import notes from backup files. All processing happens locally on your device.

5.1 Third-Party Services

DVR Time Traveler uses the following third-party services:

  • Sentry.io - Crash reporting and error monitoring
    • Purpose: Identify and fix app crashes
    • Data collected: Error logs, device type, OS version (NO case data)
    • Privacy Policy: https://sentry.io/privacy/
    • Data location: United States (GDPR compliant)
  • Major web service providers (Google, Cloudflare, Microsoft, Apple) - Network time attestation
    • Purpose: Read the standard HTTP Date response header to attest device clock accuracy (see §4.8)
    • Data sent: Standard HTTPS HEAD request; no case data, no identifier, no body
    • Their server logs may record the connecting IP address per their own privacy policies
  • SDTech license server - License validation and MDM logo distribution
    • Purpose: Validate active licenses and, on managed devices, distribute organization-approved logos (see §4.9)
    • Data sent: License key, device UUID, device name, device model, OS/app version, Android ID; no case data (see §2.1)
    • Operated by SDTech Mobile Application Inc.

5.2 Legal Requirements

Since we don't collect case data on servers, we have nothing to disclose to law enforcement or legal requests regarding your cases. Crash reports contain only technical data.

6. Your Rights and Choices

6.1 Data Access

You have complete access to all your data within the app at all times.

6.2 Data Deletion

You can delete your data at any time:

  • Individual reports - Delete from Report History section
  • Comprehensive Clear All Data - One-button deletion in Settings → Data Management that permanently removes:
    • Police identification information
    • All report history and generated PDFs
    • All notes pages
    • Error logs and diagnostics
    • App settings and preferences
    • Downloaded logo and PDF files
  • Complete removal - Uninstall the app (deletes all local data)

The Clear All Data feature complies with GDPR Article 17 (Right to Erasure) and similar privacy regulations worldwide.

6.3 Data Portability

Export your data for portability:

  • PDF Reports - Export reports for your records or legal proceedings
  • Notes Backup - Export notes as .txt files to transfer between devices or create backups
  • Selective Export - Choose specific note pages to export or import

6.4 No Account Required

The app works completely offline with no account creation, login, or registration required.

7. Children's Privacy (COPPA Compliance)

DVR Time Traveler is designed for professional law enforcement use and is not intended for children under 13. We do not knowingly collect information from children.

8. International Users (GDPR Compliance)

For users in the European Union, European Economic Area, and other regions with data privacy laws:

  • Legal Basis: Legitimate interest (license management and crash diagnostics) for the limited technical identifiers described in §2.1; no case data is processed server-side
  • Data Controller: You are the data controller of your own local data
  • Right to Erasure: Delete data anytime within the app
  • Data Transfers: Crash reports are processed by Sentry.io in the United States (GDPR-compliant). The SDTech license server runs on Cloudflare's global edge network. Time attestation requests reach globally distributed CDN endpoints. No case data is included in any of these transfers.

9. California Privacy Rights (CCPA Compliance)

For California residents:

  • Right to Know: We collect zero personal information
  • Right to Delete: Delete your local data anytime
  • Right to Opt-Out: Not applicable - we don't sell data
  • Non-Discrimination: Not applicable - no account or service tiers

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last Updated" date at the top of this policy.

Significant changes will be communicated through:

  • In-app notification on first launch after update
  • Updated policy posted at this URL
  • App store update notes

11. Security Disclaimer

While we implement industry-standard encryption (AES-256), no security system is 100% impenetrable. You are responsible for:

  • Securing your device with a passcode/biometric lock
  • Keeping your device OS updated
  • Not jailbreaking/rooting your device (compromises security)
  • Protecting PDF reports you generate and share

12. App Permissions

DVR Time Traveler requests minimal permissions:

  • Storage - To save generated PDF reports locally
  • Notifications (Optional) - For app update reminders (if enabled)

The app does NOT request:

  • Camera or photo library access
  • Microphone access
  • Location services
  • Contacts access
  • Bluetooth or NFC

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

We will respond to privacy inquiries within 30 days.

14. Acknowledgment

By using DVR Time Traveler, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

← Back to Home